I have received multiple queries in regards to disabling TLS version on mixed ESXi host versions.

The TLS Reconfiguration Tool works well if you have the same version of vSphere for both your vCenter Server and ESXi host, but has challenges when you are in a mixed environment like this particular customer.

In their environment, they are running vCenter Server 6.5 and ESXi 6.5 & ESXi 6.0 which prevented them from using the TLS Reconfiguration Tool as this is a limitation with the tool today.

Managing TLS protocol configuration for vSphere 6.5/6.7 : https://kb.vmware.com/s/article/2147469

In the newest versions of TLS reconfigurator you can now update ESXi 6.0 hosts which are managed by a vCenter 6.5 u2 or above.

You need to use the “reconfigureEsx60” against the cluster object.


reconfigureEsx60 vCenterCluster -c Temp-CLuster -u administrator@vsphere.local -p TLSv1.1 TLSv1.2